If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

CertOpenStore and non-admin users

I'm writing some SSL code, and I've found that it can only open and use the necessary certificate if the current user has administrative privileges, and our client is adamant that this code must work for ordinary users (and they don't want to move the certificate).

So,

1. The certificate is installed in the personal store of CERT_SYSTEM_STORE_LOCAL_MACHINE. It has a private key.

Re: CertOpenStore and non-admin users

OK, well, if anyone's following this thread because they have a similar problem, I haven't solved the problem but it really does seem that ordinary, non-admin users cannot use the CERT_SYSTEM_STORE_LOCAL_MACHINE store.

Regular users only have read access to HKEY_LOCAL_MACHINE, but read-write to HKEY_CURRENT_USER (where the certificate system stores are actually located http://msdn.microsoft.com/en-us/libr...36(VS.85).aspx).
Erm, and it looks like WinHttpSendRequest needs read-write access to the certificate store? That's the only explanation I can come up with for why WinHttpSendRequest fails even when I use the READONLY flag when opening the certificate.

The 'solution' was just to move the certificate to HKEY_CURRENT_USER and change the code accordingly. Despite our client's objections that they really, really wanted the cert to be in HKEY_LOCAL_MACHINE, for no given reason.

* The Perfect Platform for Game Developers: Android
Developing rich, high performance Android games from the ground up is a daunting task. Intel has provided Android developers with a number of tools that can be leveraged by Android game developers.

* The Best Reasons to Target Windows 8
Learn some of the best reasons why you should seriously consider bringing your Android mobile development expertise to bear on the Windows 8 platform.